General

  • Target

    45bc5a4aff406b019c4b132bd82a8c8e0cb2419c852eb886798824e33782d427

  • Size

    4.5MB

  • Sample

    240811-ac7zbsverk

  • MD5

    22119fde83b2188167f2dc89cb6a4401

  • SHA1

    3ba3603c55c1c04f233ea2486b0843118c6b587a

  • SHA256

    45bc5a4aff406b019c4b132bd82a8c8e0cb2419c852eb886798824e33782d427

  • SHA512

    e7932a2e3c99bccca18fd9626d718ceb36e56ee6f755b07a3dce1c416e5fac2dc0cb30977ff1a162ee2f8b70f2d7a95d92f465a7739deef92dfe80049f12fcb1

  • SSDEEP

    98304:N9kqcu1XXGYuCVDnbKXSd7Q77l2aOkF1uLM2MCHIXQHrNupZFMt0K1ziRodJ:R1XDnKcE7VOkmLMQoArNupLaR1ziRoD

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks